Documentation ¶
Overview ¶
Package dnssec provides net.Resolver-compatible methods for DNSSEC.
Fully DNSSEC-validated lookups: LookupIPAddr, LookupCNAME, LookupSRV, LookupTXT, LookupMX, LookupNS, LookupTLSA
Falls back to net.DefaultResolver (no DNSSEC validation): LookupAddr, LookupPort, LookupHost
The package uses miekg/dns for low-level DNS interactions and DNS message parsing.
References
1. DNS https://tools.ietf.org/html/rfc1035
2. DNS clarifications https://tools.ietf.org/html/rfc2181
3. DNSSEC protocol modifications https://tools.ietf.org/html/rfc4035
4. DNSSEC resource records https://tools.ietf.org/html/rfc4034
5. DNSSEC clarifications https://tools.ietf.org/html/rfc6840
6. DNSSEC key management https://tools.ietf.org/html/rfc6781
7. DNS SRV https://tools.ietf.org/html/rfc2782
Index ¶
- Constants
- Variables
- type Dialer
- type KeyDigest
- type Querier
- type QueryWrapper
- type Resolver
- func (r *Resolver) EffectiveResolverDNS() (servers []ResolverAddress)
- func (r *Resolver) LookupAddr(ctx context.Context, addr string) (names []string, err error)
- func (r *Resolver) LookupCNAME(ctx context.Context, host string) (cname string, err error)
- func (r *Resolver) LookupHost(ctx context.Context, host string) (addrs []string, err error)
- func (r *Resolver) LookupIPAddr(ctx context.Context, host string) (addrs []net.IPAddr, err error)
- func (r *Resolver) LookupMX(ctx context.Context, name string) (addrs []*net.MX, err error)
- func (r *Resolver) LookupNS(ctx context.Context, name string) (addrs []*net.NS, err error)
- func (r *Resolver) LookupPort(ctx context.Context, network, service string) (port int, err error)
- func (r *Resolver) LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*net.SRV, err error)
- func (r *Resolver) LookupTLSA(ctx context.Context, service, proto, name string) (addrs []TLSARec, err error)
- func (r *Resolver) LookupTXT(ctx context.Context, name string) (addrs []string, err error)
- type ResolverAddress
- type ResolverIf
- type TLSARec
- type TrustAnchor
- type TrustQuerier
Constants ¶
const DefaultMaxHops = 10
DefaultMaxHops is the maximum number of hops followed for one DNS request
const DefaultTimeout = 1 * time.Second
DefaultTimeout is the time to wait before giving up on a request
Variables ¶
var DefaultDnssecAwareNSServers = []ResolverAddress{"1.1.1.1:53", "208.67.222.222:53", "8.8.8.8:53", "77.88.8.8:53", "8.26.56.26:53", "180.76.76.76:53"}
DefaultDnssecAwareNSServers is a list of known public DNSSEC-aware servers
Functions ¶
This section is empty.
Types ¶
type Dialer ¶
type Dialer struct {
	InnerDialer *net.Dialer
	Resolver    ResolverIf
}
Dialer wraps net.Dialer and provides a custom DNSSEC-aware resolver
func (*Dialer) DialContext ¶
DialContext connects to the address on the named network using the provided context. It waits if needed so as not to exceed connectionsRateLimitingCount.
Idea: net.Dialer.DialContext calls net.Dialer.resolver().resolveAddrList, which calls net.Resolver.internetAddrList, which ends up in LookupIPAddr -> lookupIPAddr -> parseIPZone -> return. When the host is already an IP literal, net's own (unvalidated) resolver therefore never sends a query. So this DialContext:
1. Parses the address into host and port
2. If the host is not an IPv4/IPv6 address, resolves it with DNSSEC
3. Calls the original net.Dialer.DialContext with the resolved address, knowing that the name is already resolved and the control flow will be as described above
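The address-rewriting logic behind those three steps, as an added example that is not the package's own code. The page does not give DialContext's signature, so the one used here follows net.Dialer.DialContext; hostResolver, resolveDialAddress, dialContext and staticResolver are names chosen for this example, and staticResolver is a constructed stand-in for a validating resolver (it knows one name and fails closed on everything else, as a validation failure would). The point to notice is the IP-literal short circuit, which also has to cover IPv6 zone literals such as fe80::1%eth0, and that a missing port fails rather than being guessed:

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"net/netip"
)

// hostResolver is the one method of the page's ResolverIf that the dial path
// needs; its signature matches the page's LookupIPAddr.
type hostResolver interface {
	LookupIPAddr(ctx context.Context, host string) ([]net.IPAddr, error)
}

// resolveDialAddress performs steps 1 and 2: split "host:port", pass IP
// literals through untouched (net's lookupIPAddr short-circuits on them via
// parseIPZone), and otherwise resolve the name with the DNSSEC-aware resolver
// and return an IP literal so the inner net.Dialer never consults its own,
// unvalidated resolver.
func resolveDialAddress(ctx context.Context, r hostResolver, address string) (string, error) {
	host, port, err := net.SplitHostPort(address)
	if err != nil {
		return "", err // no port or malformed brackets: fail closed rather than guess
	}
	if _, err := netip.ParseAddr(host); err == nil {
		// Already an IPv4/IPv6 literal (zone-qualified IPv6 included).
		return net.JoinHostPort(host, port), nil
	}
	addrs, err := r.LookupIPAddr(ctx, host)
	if err != nil {
		return "", fmt.Errorf("dnssec lookup of %q: %w", host, err)
	}
	if len(addrs) == 0 {
		return "", errors.New("dnssec lookup of " + host + ": no addresses")
	}
	// net.IPAddr.String() keeps an IPv6 zone; JoinHostPort adds the brackets.
	return net.JoinHostPort(addrs[0].String(), port), nil
}

// dialContext is step 3: hand the rewritten address to the wrapped net.Dialer.
func dialContext(ctx context.Context, inner *net.Dialer, r hostResolver, network, address string) (net.Conn, error) {
	resolved, err := resolveDialAddress(ctx, r, address)
	if err != nil {
		return nil, err
	}
	return inner.DialContext(ctx, network, resolved)
}

// staticResolver is a constructed stand-in for a validating resolver (example
// only): it knows one name and fails closed on anything else.
type staticResolver map[string][]net.IPAddr

func (s staticResolver) LookupIPAddr(_ context.Context, host string) ([]net.IPAddr, error) {
	addrs, ok := s[host]
	if !ok {
		return nil, fmt.Errorf("%s: no validated answer", host)
	}
	return addrs, nil
}

func main() {
	r := staticResolver{"example.com": {{IP: net.ParseIP("192.0.2.10")}}}
	for _, a := range []string{"example.com:443", "[2001:db8::1]:443", "[fe80::1%eth0]:22", "unknown.test:80", "example.com"} {
		got, err := resolveDialAddress(context.Background(), r, a)
		fmt.Printf("%-20s -> %q err=%v\n", a, got, err)
	}
}
```

Because the name is turned into an IP literal before net.Dialer sees it, a Dialer built this way cannot be downgraded to the system resolver by a name that fails validation: the lookup error surfaces and no connection is attempted.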
type KeyDigest ¶
type KeyDigest struct {
	XMLName    xml.Name `xml:"KeyDigest"`
	ID         string   `xml:"id,attr"`
	ValidFrom  string   `xml:"validFrom,attr"`
	ValidUntil string   `xml:"validUntil,attr"`
	KeyTag     uint16   `xml:"KeyTag"`
	Algorithm  uint8    `xml:"Algorithm"`
	DigestType uint8    `xml:"DigestType"`
	Digest     string   `xml:"Digest"`
}
KeyDigest represents a digest entry in the root anchor XML
type Querier ¶
type Querier interface {
QueryRRSet(ctx context.Context, domain string, qtype uint16) ([]dns.RR, []dns.RRSIG, error)
}
Querier provides a method for getting an RRset and its RRSIG records from a DNSSEC-aware server
func MakeDNSClient ¶
func MakeDNSClient(servers []ResolverAddress, timeout time.Duration) Querier
MakeDNSClient creates a new dnsClient (the package's Querier implementation) for the given servers and timeout
type QueryWrapper ¶
type QueryWrapper struct {
Querier
}
QueryWrapper implements TrustQuerier. GetRootAnchorDS is forwarded to MakeRootTrustAnchor.
func (QueryWrapper) GetRootAnchorDS ¶
func (qw QueryWrapper) GetRootAnchorDS() (dss []dns.DS, err error)
GetRootAnchorDS returns the DS records built from the real root trust anchor (see MakeRootTrustAnchor)
type Resolver ¶
type Resolver struct {
// contains filtered or unexported fields
}
Resolver provides DNSSEC resolution
func (*Resolver) EffectiveResolverDNS ¶
func (r *Resolver) EffectiveResolverDNS() (servers []ResolverAddress)
EffectiveResolverDNS returns the list of active DNS servers
func (*Resolver) LookupAddr ¶
LookupAddr performs a reverse lookup for the given address, returning a list of names mapping to that address. It falls back to net.DefaultResolver, so the result is not DNSSEC-validated.
func (*Resolver) LookupCNAME ¶
LookupCNAME returns the CNAME record content for the given name
func (*Resolver) LookupHost ¶
LookupHost looks up the given host using the local resolver (net.DefaultResolver, so the result is not DNSSEC-validated). It returns a slice of that host's addresses.
func (*Resolver) LookupIPAddr ¶
LookupIPAddr resolves the given hostname to its IPv4 and IPv6 addresses, with DNSSEC validation
func (*Resolver) LookupPort ¶
LookupPort looks up the port for the given network and service. It falls back to net.DefaultResolver.
func (*Resolver) LookupSRV ¶
func (r *Resolver) LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*net.SRV, err error)
LookupSRV returns the SRV records for the given service, proto and name. Like net.Resolver, it orders the results according to Priority and Weight.
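The Priority/Weight ordering that sentence refers to is the RFC 2782 client selection algorithm; the following is an added example of it over standard-library net.SRV values, not the package's own code. orderSRV, shuffleByWeight and newRNG are names chosen here, the random source is injected so the ordering can be reproduced, and the records in main are constructed sample data. Within one priority, zero-weight targets are moved to the front of each draw as the RFC prescribes, which gives them only the draw value 0 and therefore a small but non-zero chance of being tried first:

```go
package main

import (
	"fmt"
	"math/rand"
	"net"
	"sort"
)

// newRNG returns a reproducible random source for orderSRV.
func newRNG(seed int64) *rand.Rand { return rand.New(rand.NewSource(seed)) }

// orderSRV returns a copy of recs in the order a client should try them per
// RFC 2782: ascending Priority, and within one priority a weighted random
// permutation in which a higher Weight is selected earlier more often.
// The input slice is not modified.
func orderSRV(recs []*net.SRV, rng *rand.Rand) []*net.SRV {
	out := make([]*net.SRV, len(recs))
	copy(out, recs)
	sort.SliceStable(out, func(i, j int) bool { return out[i].Priority < out[j].Priority })
	for lo := 0; lo < len(out); {
		hi := lo
		for hi < len(out) && out[hi].Priority == out[lo].Priority {
			hi++
		}
		shuffleByWeight(out[lo:hi], rng)
		lo = hi
	}
	return out
}

// shuffleByWeight applies the RFC 2782 selection to one priority group in
// place. Each round: zero-weight records go to the front, a uniform draw in
// [0, sum of weights] picks the first record whose running sum reaches the
// draw, that record is fixed at the head, and the round repeats on the rest.
func shuffleByWeight(group []*net.SRV, rng *rand.Rand) {
	for len(group) > 1 {
		sort.SliceStable(group, func(i, j int) bool { return group[i].Weight == 0 && group[j].Weight != 0 })
		sum := 0
		for _, r := range group {
			sum += int(r.Weight)
		}
		draw := rng.Intn(sum + 1)
		acc := 0
		for i, r := range group {
			acc += int(r.Weight)
			if acc >= draw {
				group[0], group[i] = group[i], group[0]
				break
			}
		}
		group = group[1:]
	}
}

func main() {
	// Constructed sample: one backup target at a worse priority, and three
	// primaries sharing priority 10 with weights 60/40/0.
	recs := []*net.SRV{
		{Target: "b.example.", Port: 5060, Priority: 20, Weight: 0},
		{Target: "a1.example.", Port: 5060, Priority: 10, Weight: 60},
		{Target: "a2.example.", Port: 5060, Priority: 10, Weight: 40},
		{Target: "a3.example.", Port: 5060, Priority: 10, Weight: 0},
	}
	for _, r := range orderSRV(recs, newRNG(1)) {
		fmt.Printf("prio=%d weight=%d %s:%d\n", r.Priority, r.Weight, r.Target, r.Port)
	}
}
```

Over many calls a1 lands first about 60/101 of the time, a2 about 40/101 and a3 about 1/101, while b always comes last; a client that simply iterates the returned slice therefore gets RFC 2782 failover and load spreading for free.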
type ResolverAddress ¶
type ResolverAddress string
ResolverAddress is an IP address and port as a single "host:port" string
func MakeResolverAddress ¶
func MakeResolverAddress(addr, port string) ResolverAddress
MakeResolverAddress creates a new ResolverAddress instance from address and port
func SystemConfig ¶
func SystemConfig() (servers []ResolverAddress, timeout time.Duration, err error)
SystemConfig returns the list of DNS servers and the timeout from /etc/resolv.conf
type ResolverIf ¶
type ResolverIf interface {
	LookupAddr(ctx context.Context, addr string) (names []string, err error)
	LookupCNAME(ctx context.Context, host string) (cname string, err error)
	LookupHost(ctx context.Context, host string) (addrs []string, err error)
	LookupIPAddr(ctx context.Context, host string) ([]net.IPAddr, error)
	LookupMX(ctx context.Context, name string) ([]*net.MX, error)
	LookupNS(ctx context.Context, name string) ([]*net.NS, error)
	LookupPort(ctx context.Context, network, service string) (port int, err error)
	LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*net.SRV, err error)
	LookupTXT(ctx context.Context, name string) ([]string, error)
}
ResolverIf represents net.Resolver-compatible interface
func MakeDefaultDnssecResolver ¶
func MakeDefaultDnssecResolver(fallbackAddress string, log logging.Logger) ResolverIf
MakeDefaultDnssecResolver returns a resolver that uses all available DNS servers: the system servers, the given fallbackAddress, and the package defaults
func MakeDnssecResolver ¶
func MakeDnssecResolver(servers []ResolverAddress, timeout time.Duration) ResolverIf
MakeDnssecResolver returns a resolver for the given NS servers and timeout duration
type TLSARec ¶
type TLSARec struct {
	Usage        uint8
	Selector     uint8
	MatchingType uint8
	Certificate  string `dns:"hex"`
}
TLSARec represents TLSA record content
type TrustAnchor ¶
type TrustAnchor struct {
	XMLName xml.Name    `xml:"TrustAnchor"`
	Zone    string      `xml:"Zone"`
	Digests []KeyDigest `xml:"KeyDigest"`
}
TrustAnchor is the deserialized root anchor XML
func MakeRootTrustAnchor ¶
func MakeRootTrustAnchor() (TrustAnchor, error)
MakeRootTrustAnchor uses the hard-coded root anchor XML and returns a TrustAnchor instance. Because the anchor is embedded at build time, it covers only the KSKs present in that XML; after a root KSK rollover the package must be rebuilt with the updated root-anchors.xml, or validation will fail.
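How the TrustAnchor and KeyDigest structs above are used to derive DS records, as an added example that is not the package's code. It reuses the struct definitions documented on this page verbatim; parseTrustAnchor, validDS and digestLen are names chosen for the example. The XML is a sample in the layout of IANA's root-anchors.xml carrying the KSK-2010 (key tag 19036, retired 2019) and KSK-2017 (key tag 20326) entries; verify any values you embed against the live IANA file. The check the page's hard-coded approach makes important is the one on the validFrom/validUntil attributes: an anchor whose window does not contain the current time is refused rather than silently used, and a digest whose length does not match its DigestType is rejected as malformed:

```go
package main

import (
	"encoding/hex"
	"encoding/xml"
	"fmt"
	"strings"
	"time"
)

// TrustAnchor and KeyDigest mirror the struct shapes documented on this page.
type TrustAnchor struct {
	XMLName xml.Name    `xml:"TrustAnchor"`
	Zone    string      `xml:"Zone"`
	Digests []KeyDigest `xml:"KeyDigest"`
}

type KeyDigest struct {
	XMLName    xml.Name `xml:"KeyDigest"`
	ID         string   `xml:"id,attr"`
	ValidFrom  string   `xml:"validFrom,attr"`
	ValidUntil string   `xml:"validUntil,attr"`
	KeyTag     uint16   `xml:"KeyTag"`
	Algorithm  uint8    `xml:"Algorithm"`
	DigestType uint8    `xml:"DigestType"`
	Digest     string   `xml:"Digest"`
}

// sampleRootAnchors is a sample in the layout of IANA's root-anchors.xml
// (KSK-2010 and KSK-2017 entries). Verify against the live file before use.
const sampleRootAnchors = `<?xml version="1.0" encoding="UTF-8"?>
<TrustAnchor id="380DC50D-484E-40D0-A3AE-68F2B18F61C7" source="http://data.iana.org/root-anchors/root-anchors.xml">
<Zone>.</Zone>
<KeyDigest id="Kjqmt7v" validFrom="2010-07-15T00:00:00+00:00" validUntil="2019-01-11T00:00:00+00:00">
<KeyTag>19036</KeyTag>
<Algorithm>8</Algorithm>
<DigestType>2</DigestType>
<Digest>49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</Digest>
</KeyDigest>
<KeyDigest id="Klajeyz" validFrom="2017-02-02T00:00:00+00:00">
<KeyTag>20326</KeyTag>
<Algorithm>8</Algorithm>
<DigestType>2</DigestType>
<Digest>E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D</Digest>
</KeyDigest>
</TrustAnchor>`

// digestLen is the expected digest size per DS digest type
// (1 = SHA-1, 2 = SHA-256, 4 = SHA-384).
var digestLen = map[uint8]int{1: 20, 2: 32, 4: 48}

// parseTrustAnchor deserializes root anchor XML into the page's TrustAnchor.
func parseTrustAnchor(data []byte) (TrustAnchor, error) {
	var ta TrustAnchor
	if err := xml.Unmarshal(data, &ta); err != nil {
		return TrustAnchor{}, err
	}
	if ta.Zone == "" || len(ta.Digests) == 0 {
		return TrustAnchor{}, fmt.Errorf("trust anchor has no zone or no digests")
	}
	return ta, nil
}

// validDS returns DS records in presentation format for every KeyDigest whose
// validity window contains now. Malformed digests are an error, and so is an
// empty result: an expired embedded anchor must not bootstrap validation.
func validDS(ta TrustAnchor, now time.Time) ([]string, error) {
	var out []string
	for _, kd := range ta.Digests {
		from, err := time.Parse(time.RFC3339, kd.ValidFrom)
		if err != nil {
			return nil, fmt.Errorf("%s: validFrom: %w", kd.ID, err)
		}
		if now.Before(from) {
			continue
		}
		if kd.ValidUntil != "" {
			until, err := time.Parse(time.RFC3339, kd.ValidUntil)
			if err != nil {
				return nil, fmt.Errorf("%s: validUntil: %w", kd.ID, err)
			}
			if !now.Before(until) {
				continue
			}
		}
		want, ok := digestLen[kd.DigestType]
		if !ok {
			return nil, fmt.Errorf("%s: unsupported digest type %d", kd.ID, kd.DigestType)
		}
		if raw, err := hex.DecodeString(kd.Digest); err != nil || len(raw) != want {
			return nil, fmt.Errorf("%s: digest is not %d bytes of hex", kd.ID, want)
		}
		out = append(out, fmt.Sprintf("%s IN DS %d %d %d %s",
			ta.Zone, kd.KeyTag, kd.Algorithm, kd.DigestType, strings.ToUpper(kd.Digest)))
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("no trust anchor valid at %s; refresh the embedded root-anchors.xml", now.Format(time.RFC3339))
	}
	return out, nil
}

func main() {
	ta, err := parseTrustAnchor([]byte(sampleRootAnchors))
	if err != nil {
		panic(err)
	}
	for _, when := range []string{"2018-06-01T00:00:00Z", "2020-01-01T00:00:00Z", "2005-01-01T00:00:00Z"} {
		now, _ := time.Parse(time.RFC3339, when)
		ds, err := validDS(ta, now)
		fmt.Printf("%s: %v err=%v\n", when, ds, err)
	}
}
```

During the 2017-2019 overlap both digests are returned and either KSK can sign the root DNSKEY RRset; after 2019-01-11 only 20326 remains, and a build whose embedded XML predates a later rollover will start returning the "no trust anchor valid" error rather than trusting a stale key.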